Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.

Get a Professional Answer

Via email, text message, or notification as you wait on our site. Ask follow up questions if you need to.

100% Satisfaction Guarantee

Rate the answer you receive.

Ask Loren Your Own Question

Loren, Attorney

Category: Legal

Satisfied Customers: 34396

Experience: 30 years experience representing clients.

17897874

Type Your Legal Question Here...

Loren is online now

One of our employees car was broken into, inside was her

Customer Question

one of our employees car was broken into, inside was her locked packet of charts for the fragile infants along with her tablet. the only medical information inside her vehicle were the notes from the last home visit she made, otherwise it was names and dates of birth for other clients. There was medical information on her tablet which is protected by a password. what do we need to do in regards ***** *****?JA: Because real estate law varies from place to place, can you tell me what state this is in?Customer: my question is about HIPAA compliance. we are in the state of ArizonaJA: Has anything been filed or reported?Customer: Not yetJA: Anything else you want the lawyer to know before I connect you?Customer: no

Good afternoon. I am Loren, a licnesed attorney, and I look forward to assisting you.

Under HIPAA confidentiality rules, covered entities must notify affected individuals following the discovery of a breach of unsecured protected health information. Covered entities must provide this individual notice in written form by first-class mail, or alternatively, by e-mail if the affected individual has agreed to receive such notices electronically. If the covered entity has insufficient or out-of-date contact information for 10 or more individuals, the covered entity must provide substitute individual notice by either posting the notice on the home page of its web site for at least 90 days or by providing the notice in major print or broadcast media where the affected individuals likely reside. The covered entity must include a toll-free phone number that remains active for at least 90 days where individuals can learn if their information was involved in the breach. If the covered entity has insufficient or out-of-date contact information for fewer than 10 individuals, the covered entity may provide substitute notice by an alternative form of written notice, by telephone, or other means.

These individual notifications must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and must include, to the extent possible, a brief description of the breach, a description of the types of information that were involved in the breach, the steps affected individuals should take to protect themselves from potential harm, a brief description of what the covered entity is doing to investigate the breach, mitigate the harm, and prevent further breaches, as well as contact information for the covered entity (or business associate, as applicable).

In addition to notifying affected individuals and the media (where appropriate), covered entities must notify the Secretary of breaches of unsecured protected health information. Covered entities will notify the Secretary by visiting the HHS web site and filling out and electronically submitting a breach report form.